CVE-2024-8656

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 13, 2024
CWE ID 79

Summary

CVE-2024-8656 identifies a vulnerability in the WPFactory Helper plugin for WordPress that affects all versions up to and including 1.7.0, allowing for Reflected Cross-Site Scripting (XSS). This flaw arises from the improper use of the add_query_arg function without adequate URL escaping, enabling unauthenticated attackers to inject malicious scripts into web pages if users are tricked into clicking on a link. The vulnerability has an exploitability score of 2.8 and is rated as medium severity, requiring user interaction for exploitation. To remediate this issue, organizations should update to version 1.7.1 or later of the WPFactory Helper plugin. If left unaddressed, this vulnerability poses a risk of compromising user data and potentially enabling further attacks within an organization's network.
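The pattern described in the summary, shown as an added example beside its hardened form. This is not code from the WPFactory Helper plugin; the function names, the `example_action` parameter and the `example-page` slug are hypothetical, while `add_query_arg()`, `esc_url()` and `admin_url()` are WordPress core functions.

```php
<?php
// Added illustration only; not taken from the WPFactory Helper source.
// Runs inside WordPress, which provides add_query_arg(), esc_url(), admin_url().

// Vulnerable pattern: when no URL is passed, add_query_arg() builds on
// $_SERVER['REQUEST_URI'], so whatever the visitor's link put in the query
// string comes back in $url. Printing it unescaped into an attribute
// reflects that request-controlled content into the page.
function example_render_link_unsafe() {
    $url = add_query_arg( 'example_action', 'refresh' ); // hypothetical parameter
    echo '<a href="' . $url . '">Refresh</a>';
}

// Hardened pattern 1: escape at the point of output. esc_url() encodes
// characters that could break out of the attribute and rejects
// disallowed URL schemes.
function example_render_link_escaped() {
    $url = add_query_arg( 'example_action', 'refresh' );
    echo '<a href="' . esc_url( $url ) . '">Refresh</a>';
}

// Hardened pattern 2: pass an explicit base URL so the current request URI
// is never used as input, and still escape on output.
function example_render_link_fixed_base() {
    $base = admin_url( 'options-general.php?page=example-page' ); // hypothetical slug
    $url  = add_query_arg( 'example_action', 'refresh', $base );
    echo '<a href="' . esc_url( $url ) . '">Refresh</a>';
}
```

When auditing other plugins for the same class of bug, the thing to look for is any `add_query_arg()` or `remove_query_arg()` result that reaches output without passing through `esc_url()`.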
